Date : 06 Mar, 2025
What is Nessus?
Nessus is a vulnerability scanner developed by Tenable. Itβs widely used by cybersecurity professionals to find weaknesses in systems, applications, and networks.
Faq
Its main job?
To scan systems for known vulnerabilities like missing patches, misconfigurations, weak passwords, and more.
Vulnerability Scanning Using Nessus:
- Nessus is a popular tool used to scan systems for vulnerabilities.
- First, business approval is required before scanning, especially for critical servers to avoid system crashes.
- Scans are usually done after business hours to reduce risk.
- Ensure firewalls allow access to the scanner.
Why use Nessus?
Because it helps:
- Identify security gaps before attackers do
- Discover vulnerabilities across multiple platforms (Windows, Linux, network devices, web apps, etc.)
- Generate detailed vulnerability reports for audits and remediation
- Stay compliant with standards (e.g., PCI-DSS, HIPAA, etc.)
What can Nessus scan?
Nessus can scan for:
- OS vulnerabilities (Windows/Linux)
- Missing security patches
- Default or weak credentials
- Network service issues (e.g., open ports)
- SSL/TLS problems
- Web app vulnerabilities
- Misconfigured firewalls, routers, and switches.
Types of Nessus Scans
| Type | Description |
|---|---|
| Basic Network Scan | Scans all devices in a network for common vulnerabilities |
| Advanced Scan | Customizable scan with specific plugins, credentials, etc. |
| Web Application Scanning | Detects web vulnerabilities (e.g., XSS, SQLi) |
| Credentialed Scan | Authenticates into the system for deeper scanning |
| Compliance Scan | Checks if systems follow industry standards |
How Nessus Works
-
You configure a target IP or network range in Nessus
-
Select or customize a scan policy
-
Start the scan
-
Nessus runs thousands of plugins to check for known issues
-
Generates a report with:
- π΄ Critical
- π High
- π‘ Medium
- π΅ Low risk vulnerabilities
-
Nessus provides results in PDF/CSV/HTML formats